Cyber Security Advisory Director | vCISO Leadership

Ankura is a team of excellence founded on innovation and growth. This position supports the Data & Technology practice - one of six practices focused on client delivery services across the Firm. Our global team of over 100 professionals includes former federal law enforcement personnel, in-house security experts, Big 4 consultants, federal regulators, threat intel and dark web experts. We have helped clients and partners for 10+ years across industries and geographies with the following services:

• Incident Response, Intelligence, and Investigations.
• Technology, Privacy, and Cyber Risk Advisory.
• End Point & Managed Detection & Response.

The EMEA Cyber security & Privacy practice is growing and has ambitions to expand its capabilities from a strong base in incident response, intelligence and investigations into additional proactive security, AI security and managed detection & response services.

Why Join Ankura

• You will have the opportunity to get involved with both Proactive and Reactive work.
• We can support and develop individuals who aspire to be an expert.
• Opportunities for career development, an assigned career mentor, access to Ankura Academy, and opportunities to collaborate on projects with other Ankura practices.
• Work with a collaborative environment, whereby our professionals have the freedom to innovate which promotes curiosity, learning and communication.

Role: The Director role is Manager level position. Ankura’s Cyber security and Privacy Practice is a full-service suite of cyber security and privacy solutions, regardless of industry or size.

Responsibilities

• Cyber Security Program & Strategy: Evaluate and enhance client cyber security programmes against recognised frameworks like NIST, ISO, DORA, and NIS2. Advise on security strategy for cloud and hybrid environments, acting as a vCISO to guide their cyber resilience and security posture.
• Risk Management & Remediation: Conduct comprehensive cyber risk assessments, including third-party risk management and cyber risk quantification. Develop and oversee remediation plans, from initial assessment to full delivery, ensuring a seamless consulting engagement.
• Policy & Incident Response: Develop and refine security policies, including Business Continuity Plans (BCPs) and incident response plans. Support the delivery of cyber security and crisis tabletop exercises to test client resilience.
• Mergers & Acquisitions (M&A): Conduct Cyber Due Diligence (DD) for pre-acquisition and post-acquisition reviews, specifically for private equity (PE) houses and other corporate clients.
• Project Leadership & Delivery: Lead and manage end-to-end client engagements. This includes project scoping, proposal development, and ensuring timely delivery of all project deliverables within a consulting framework.
• Technology & Expertise: Possess deep knowledge of security technologies and architectures, with an understanding of AI risk and the use of AI technologies in cyber security.
• Team Leadership: Supervise and mentor less experienced consultants and client personnel.

Requirements:

• Experience: Experience in a Big four or a mid-tier consulting firm is essential, with a background in leading cyber security projects and acting in a vCISO capacity. Experience with scoping projects, developing budgets, and crafting proposals for new business is essential.
• Technical Knowledge: In-depth understanding of security principles and network architectures. Ability to assess security controls across major cloud platforms (Azure, AWS, GCP, Office 365).
• Frameworks: Strong familiarity with NIST, ISO, PCI, DORA, NIS2, EU AI Act, NIST AI RMF and other relevant frameworks.
• Qualifications: Professional certifications such as CISSP, CISM, CISA, Prince2 or PMP are preferred.
• Skills: Strong analytical, communication (written and verbal), and organisational skills. Ability to work both independently and as part of a team in a high-paced consulting environment.
• Travel: Flexibility to travel outside the UK for work, which may involve a few weeks at a time on short notice.
• Good to have: Knowledge / experience of the incident management lifecycle, ethical hacking, DFIR, secure development practices and internal audit. Experience and exposure to AI technology challenges and opportunities.